Open process memory [read/wirte to it]

[wolfguardiann]

well , how do i do that in vb ?

i know how to do in C++ , but , how do i do that in vb?? can someone put a simple snippet or , a simple program/lines or w/e for like , hmmm... idk , reading values from pinball , or , w/e?


tyvm!! happy hacking , ty for suppport;

[willrulz188]

This is my memory editing snippet. Just place this code inside a module and use it in your programs if you wish Unfortunatly, i had coded this module in vb6, so not every command will work with vb.net. You may translate if you wish, i just ask that you re-post for others to use.


~~~~~Declarations~~~~~
[highlight=vbnet] Public Const PROCESS_ALL_ACCESS = &H1F0FFF
Dim f1holder As Integer
Dim timer_pos As Long
Dim hProcess As Long

Public Declare Function GetWindowThreadProcessId Lib "user32" (ByVal SomeValueIsStoredHere As Long, ByVal lpdwProcessId As Long) As Long
Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Object, ByVal lpBuffer As Object, ByVal nSize As Long, ByVal lpNumberOfBytesWritten As Long) As Long
Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal Classname As String, ByVal WindowName As String) As Long
Public Declare Function GetKeyPress Lib "user32" Alias "GetAsyncKeyState" (ByVal key As Long) As Integer
Public Declare Function ReadProcessMem Lib "kernel32" Alias "ReadProcessMemory" (ByVal hProcess As Long, ByVal lpBaseAddress As Object, ByRef lpBuffer As Object, ByVal nSize As Long, ByVal lpNumberOfBytesWritten As Long) As Long[/highlight]


~~~~~Module~~~~~
[highlight=vbnet] Public Function WriteALong(ByVal TheGame As String, ByVal TheAddress As Long, ByVal ThisIsTheValue As Long)
Dim SomeValueIsStoredHere As Long
Dim SomeValueIsStoredHereToo As Long
Dim SomeValue As Long
SomeValueIsStoredHere = FindWindow(vbNullString, TheGame)
GetWindowThreadProcessId(SomeValueIsStoredHere, SomeValueIsStoredHereToo)
SomeValue = OpenProcess(PROCESS_ALL_ACCESS, False, SomeValueIsStoredHereToo)
If (SomeValue = 0) Then
Exit Function
End If
WriteProcessMemory(SomeValue, TheAddress, ThisIsTheValue, 4, 0&)
CloseHandle(hProcess)
End Function[/highlight]
[highlight=vbnet] Public Function ReadALong(ByVal TheGame As String, ByVal TheAddress As Long, ByVal TheValue As Long)
Dim SomeValueIsStoredHere As Long
Dim SomeValueIsStoredHereToo As Long
Dim SomeValue As Long
SomeValueIsStoredHere = FindWindow(vbNullString, TheGame)
GetWindowThreadProcessId(SomeValueIsStoredHere, SomeValueIsStoredHereToo)
SomeValue = OpenProcess(PROCESS_ALL_ACCESS, False, SomeValueIsStoredHereToo)
If (SomeValue = 0) Then
Exit Function
End If
ReadProcessMem(SomeValue, TheAddress, TheValue, 4, 0&)
CloseHandle(hProcess)
End Function[/highlight]
[highlight=vbnet] Public Function ReadAFloat(ByVal TheGame As String, ByVal TheAddress As Long, ByVal TheValue As Single)
Dim SomeValueIsStoredHere As Long
Dim SomeValueIsStoredHereToo As Long
Dim SomeValue As Long
SomeValueIsStoredHere = FindWindow(vbNullString, TheGame)
GetWindowThreadProcessId(SomeValueIsStoredHere, SomeValueIsStoredHereToo)
SomeValue = OpenProcess(PROCESS_ALL_ACCESS, False, SomeValueIsStoredHereToo)
If (SomeValue = 0) Then
Exit Function
End If
ReadProcessMem(SomeValue, TheAddress, TheValue, 4, 0&)
CloseHandle(hProcess)
End Function[/highlight]
[highlight=vbnet] Public Function WriteAFloat(ByVal TheGame As String, ByVal TheAddress As Long, ByVal ThisIsTheValue As Single)
Dim SomeValueIsStoredHere As Long
Dim SomeValueIsStoredHereToo As Long
Dim SomeValue As Long
SomeValueIsStoredHere = FindWindow(vbNullString, TheGame)
GetWindowThreadProcessId(SomeValueIsStoredHere, SomeValueIsStoredHereToo)
SomeValue = OpenProcess(PROCESS_ALL_ACCESS, False, SomeValueIsStoredHereToo)
If (SomeValue = 0) Then
Exit Function
End If
WriteProcessMemory(SomeValue, TheAddress, ThisIsTheValue, 4, 0&)
CloseHandle(hProcess)
End Function[/highlight]


~~~~~Instructions~~~~~
Alright. In order for this to work, im gonna show you a quick example using that cheezy little Pinball game that comes with Windows XP.

lets say we turned the game on and made a button that we set the button command to this: [highlight=vbnet]
Private Sub Command1_Click()
Call WriteALong("3D Pinball for Windows, Space Cadet", &HA12EF4, 999999)
Call WriteALong("3D Pinball for Windows, Space Cadet", &HB8AEBA, 999999)
End Sub
[/highlight]

Basically what the code means, is that i Called the function "WriteALong" from the module that is just above. "3D Pinball for Windows, Space Cadet" is the window title, &HB8AEBA is the address. "999999" is the value you set that specific address to.

*Note: Add &H instead of the 2 00 (two zero's), Here's an example: Your address is 00L1FD4. You need to replace the 00 (two zero's) with an &H , then you would get this: &HL1FD4. If there is only 1 0 at the beginning then just replace it with an &. If there are no zero's at the beginning then this rule does not apply.


And thats it!

oh and p.s. This is basically how people use VB and make trainers for games and such.

Here

//short

[wolfguardiann]

tyvm , willruz , ill take a look whenever i can , im busy on job now lol , Thanked.


Edit: can i use that on vb 2008 ? cuz its 2006 , jut saw :P

['Bruno]

spoonfeed party

[willrulz188]

spoonfeed party

quoting isn't a hard job when you know where it is plus he needs to edit it
____

but next time google it like

Code:

site:mpgh.net Memory editing in visual basic

its not hard at all

Close?

['Bruno]

quoting isn't a hard job when you know where it is plus he needs to edit it
____

but next time google it like

Code:

site:mpgh.net Memory editing in visual basic

its not hard at all

Close?

i google it? I wont for sure...
Mainly because the OP should be the ONE googling it, second because i already know it.. but yea sure.. :X

[wolfguardiann]

yep , ive tryed usigg

site:mpgh.net Memory editing in visual basic

that was another help thread, but , i just didntget it , i get lots of errors , i need imports , and sheet , idk , it gives me errors


EDit: yeah , thats vb 2006 unfortunatelly , i need to vb 2008 :/ , vb 2006 is like old , but , to vb 2008 , what does change?

[Jason]

yep , ive tryed usigg

site:mpgh.net Memory editing in visual basic

that was another help thread, but , i just didntget it , i get lots of errors , i need imports , and sheet , idk , it gives me errors


EDit: yeah , thats vb 2006 unfortunatelly , i need to vb 2008 :/ , vb 2006 is like old , but , to vb 2008 , what does change?

Lol VB2006? no such thing.

VS 2005 was still VB.NET, albeit around .NET2.0 or some shit.

[willrulz188]

i google it? I wont for sure...
Mainly because the OP should be the ONE googling it, second because i already know it.. but yea sure.. :X

lol only this was too you..the rest was too the op

quoting isn't a hard job when you know where it is plus he needs to edit it

[wolfguardiann]

Originally Posted by NovaSynth View Post
This is my memory editing snippet. Just place this code inside a module and use it in your programs if you wish Unfortunatly, i had coded this module in vb6, so not every command will work with vb.net. You may translate if you wish, i just ask that you re-post for others to use.


see its vb 2006 :P , and i tryed searching on google , but didnt found anything. i need an vb 2008 example :/

[Jason]

Originally Posted by NovaSynth View Post
This is my memory editing snippet. Just place this code inside a module and use it in your programs if you wish Unfortunatly, i had coded this module in vb6, so not every command will work with vb.net. You may translate if you wish, i just ask that you re-post for others to use.


see its vb 2006 :P , and i tryed searching on google , but didnt found anything. i need an vb 2008 example :/

VB6 is Visual Basic 6.0, which is pre-2002.

I'll write a VB.NET example tomorrow, it's 4am now.

[wolfguardiann]

ok ty , just ofr u know , im using " Visual Basic 2008 Express edition "

[Jason]

First import the InteropServices namespace
[highlight=vb.net]
Imports System.Runtime.InteropServices
[/highlight]

Next come the imports and functions
[highlight=vb.net]
<DllImport("kernel32.dll", SetLastError:=True)> _
Public Shared Function WriteProcessMemory(ByVal hProcess As Int32, ByVal lpBaseAddress As UInt32, ByVal lpBuffer As Byte(), ByVal nSize As Int32, Optional ByRef lpNumberOfBytesWritten As Integer = 0) As Boolean
End Function

<DllImport("kernel32.dll", SetLastError:=True)> _
Public Shared Function ReadProcessMemory(ByVal hProcess As Int32, ByVal lpBaseAddress As UInt32, <Out()> ByVal lpBuffer As Byte(), ByVal iSize As Int32, Optional ByRef lpNumberOfBytesRead As Integer = 0) As Boolean
End Function

<DllImport("kernel32.dll")> _
Private Shared Function OpenProcess(ByVal dwDesiredAccess As Int32, ByVal bInheritHandle As Int16, ByVal dwProcessId As Int32) As Int32
End Function

Private Const PROCESS_ALL_ACCESS As Int32 = &H1F0FFF
Private Const PROCESS_VM_READ As Int32 = &H10
Private Const PROCESS_VM_WRITE As Int32 = &H20
Private Const PROCESS_QUERY_INFORMATION As Int32 = &H400

Private Function GetProcessHandle(ByVal processName As String, Optional ByVal creationFlags As Int32 = (PROCESS_VM_READ Or PROCESS_VM_WRITE Or PROCESS_QUERY_INFORMATION)) As Int32
Dim namedProcesses As Process() = Process.GetProcessesByName(processName) 'get all the processes running with the given name
If (namedProcesses.Length > 0) Then 'if the process is running
Dim tempHandle As Int32 = OpenProcess(creationFlags, 1, namedProcesses(0).Id) 'try opening the process (first one in the array)
If tempHandle > 0 Then Return tempHandle 'valid handle, return it
End If
Return -1 'something went wrong, illustrate that to the caller.
End Function

Private Function ReadMemory(Of T)(ByVal hProcess As Int32, ByVal address As UInt32) As T
'YAYAYAYAYAYAYA GENERICS AGAIN.
Dim sizeToRead As Integer = Marshal.SizeOf(GetType(T)) 'find how big (in bytes) the structure we're reading will be. (int is 4 bytes...etc)
Dim buffer(sizeToRead - 1) As Byte 'it's sizeToRead - 1 because VB is shit with arrays.
ReadProcessMemory(hProcess, address, buffer, sizeToRead) 'read the memory into the buffer.
Dim tempHwnd As GCHandle = GCHandle.Alloc(buffer, GCHandleType.Pinned) 'temporarily pin the bytes into unmanaged memory so we can marshal them into a structure
Dim foundStruct As T = CType(Marshal.PtrToStructure(tempHwnd.AddrOfPinned Object(), GetType(T)), T) 'marshal the unmanaged bytes to a structure
tempHwnd.Free() 'free the temporary handle, very important so we don't have random chunks of data floating around unmanaged memory and clogging up space
Return foundStruct 'return our structure, yay.
End Function
[/highlight]

Now to use it...
[highlight=vb.net]
Dim procHwnd As Int32 = GetProcessHandle("pinball")
Dim randomValue As Integer = ReadMemory(Of Integer)(procHwnd, &HDEADBEEF)
'...just change the "of integer" to "of whatevertypeyouwanttoread", don't use strings or arrays though, unless you want to manually write the functionality.
[/highlight]

End.

[wolfguardiann]

tyvm , ill try to use it , its 01:04 now, and ill test this later , but , tyvm till now , and for evrything till now!!!!
thanked

EDIT:ahh forget it , lol , i tried now , and is reading the values from the game i want , nice , how do i Write to it then ? all the codes up there make it able to Read, ok , and to wirte? its lots of things? if im asking too much u can say but, can u post what else i need in orden to Write now? tyvm for evrything ure doing, ill thank u once again , and if u solve this for me , ill give 2 thanks !! tyvmfor support till now!!

[Jason]

Alright off the top of my head, write it like this:

[highlight=vb.net]
Private Function WriteMemory(Of T)(ByVal hProc As Int32, ByVal pAddress As UInt32, ByVal [object] As T) As Boolean
Dim sizeof As Integer = Marshal.SizeOf(GetType(T)) 'first thing we're going to do is convert the object to a byte array.
Dim tempHandle As GCHandle = GCHandle.Alloc([object], GCHandleType.Pinned) 'allocate it to memory
Dim tempBytes As Byte() = ReadUnmanagedBytes(tempHandle.AddrOfPinnedObject() , sizeof) 'read the bytes into an array
tempHandle.Free() 'free the handle
Return WriteProcessMemory(hProc, pAddress, tempBytes, tempBytes.Length) <> 0
End Function

Private Function ReadUnmanagedBytes(ByVal startAddr As IntPtr, ByVal dwSize As Int32) As Byte()
Dim output(dwSize - 1) As Byte
For i As integer = 0 to dwSize - 1
output(i) = Marshal.ReadByte(startAddr, i)
Next
return output
End Function
[/highlight]

Sorry if there is any syntax errors, CBF opening VB.